guardian / gateway

🕵️🆔👤The platform for authentication at (profile.)theguardian.com
https://profile.theguardian.com

Okta | Add additional check to create account using IDX API #2867

Closed coldlink closed 3 weeks ago

coldlink commented 3 weeks ago

What does this change?

See https://github.com/guardian/identity-platform/pull/755 for more context, but we're currently investigating an issue where if a user doesn't verify their passcode after creating an account, they're left in a state where they're unable to recover themselves or sign in, even if they go through the password reset flow and set a password.

As part of that PR we changed the way that create account works for a user. Now, when using the Okta IDX API, instead of automatically sending the user a passcode, it gives the user an option to select which factor they want to set up when creating an account.

This PR updates our create account flow, so that we take into account this additional step, and perform a check for it (using the new `validateEnrollNewRemediation` method). If we're in this state we make sure to send the user an OTP first to verify their account, before setting a password as before.

It also updates the Cypress tests to take this change into account.

Tested CODE
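
The state check this description refers to, sketched as an added example (not code from the PR or the gateway repository). The response shape is a simplified, constructed model, `hasRemediation` and `nextCreateAccountStep` are hypothetical names, and the two remediation names are assumed from Okta's IDX API rather than taken from the page.

```typescript
// Simplified, constructed model of an IDX-style response: only what this check reads.
type Remediation = { name: string };
type IdxResponse = { stateHandle: string; remediation?: { value: Remediation[] } };
type NextStep = 'SELECT_FACTOR_THEN_SEND_OTP' | 'OTP_ALREADY_SENT';

// Assumed remediation names (Okta IDX); the page does not quote them.
const SELECT_FACTOR = 'select-authenticator-enroll';
const ENROLL_FACTOR = 'enroll-authenticator';

// Hypothetical helper; the PR's validateEnrollNewRemediation is not shown on the page.
function hasRemediation(res: IdxResponse, name: string): boolean {
  return (res.remediation?.value ?? []).some((r) => r.name === name);
}

// Decide what the create-account flow must do before a password may be set.
function nextCreateAccountStep(res: IdxResponse): NextStep {
  // New behaviour: the user is offered a factor choice, so the flow has to
  // pick the email factor itself to get an OTP sent.
  if (hasRemediation(res, SELECT_FACTOR)) return 'SELECT_FACTOR_THEN_SEND_OTP';
  // Assumed previous behaviour: the passcode was sent automatically.
  if (hasRemediation(res, ENROLL_FACTOR)) return 'OTP_ALREADY_SENT';
  // Fail closed: an unrecognised state must not fall through to password
  // setup, which would leave an unverified account behind.
  const seen = (res.remediation?.value ?? []).map((r) => r.name).join(', ');
  throw new Error(`Unexpected create-account state: [${seen}]`);
}

// Constructed sample responses (not captured from a real tenant).
const factorChoice: IdxResponse = {
  stateHandle: 'constructed-handle-1',
  remediation: { value: [{ name: SELECT_FACTOR }] },
};
const passcodeSent: IdxResponse = {
  stateHandle: 'constructed-handle-2',
  remediation: { value: [{ name: ENROLL_FACTOR }] },
};

console.log(nextCreateAccountStep(factorChoice));
console.log(nextCreateAccountStep(passcodeSent));
```
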

github-actions[bot] commented 3 weeks ago

Deploy build 9862 of identity:identity-gateway to CODE

All deployment options

- [Deploy build 9862 of `identity:identity-gateway` to CODE](https://riffraff.gutools.co.uk/deployment/deployAgain?project=identity%3Aidentity-gateway&build=9862&stage=CODE&updateStrategy=MostlyHarmless&action=deploy)
- [Deploy parts of build 9862 to CODE by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=identity%3Aidentity-gateway&build=9862&stage=CODE&updateStrategy=MostlyHarmless)
- [What's on CODE right now?](https://riffraff.gutools.co.uk/deployment/history?projectName=identity%3Aidentity-gateway&stage=CODE)

From guardian/actions-riff-raff.